cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-7653) Add role based access control to Cassandra
Date Wed, 23 Dec 2015 10:15:47 GMT


Sam Tunnicliffe commented on CASSANDRA-7653:

bq. Is there any reason why we don't do this automatically?

Because, as you say, this is a potentially dangerous operation it's preferable to have its
execution controlled by an operator. Also, the schema change provides a handy synchronisation
point so we can have all nodes cut over to using the new tables for live auth requests simultaneously.
Coordinating that otherwise is tricky.

> Add role based access control to Cassandra
> ------------------------------------------
>                 Key: CASSANDRA-7653
>                 URL:
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: CQL, Distributed Metadata
>            Reporter: Mike Adamson
>            Assignee: Sam Tunnicliffe
>              Labels: docs-impacting, security
>             Fix For: 2.2.0 beta 1
>         Attachments: 7653.patch,,
> The current authentication model supports granting permissions to individual users. While
this is OK for small or medium organizations wanting to implement authorization, it does not
work well in large organizations because of the overhead of having to maintain the permissions
for each user.
> Introducing roles into the authentication model would allow sets of permissions to be
controlled in one place as a role and then the role granted to users. Roles should also be
able to be granted to other roles to allow hierarchical sets of permissions to be built up.

This message was sent by Atlassian JIRA

View raw message